From cohei...@apache.org
Subject [2/3] directory-kerby git commit: Change GssAcceptCred to return the correction EncryptionKey
Date Thu, 03 Aug 2017 14:36:07 GMT
Change GssAcceptCred to return the correction EncryptionKey


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/e23f0c9e
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/e23f0c9e
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/e23f0c9e

Branch: refs/heads/trunk
Commit: e23f0c9eb8a9466a146d4f65bbb697b85d5f244c
Parents: daa1771
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Aug 3 15:11:42 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Aug 3 15:11:42 2017 +0100

----------------------------------------------------------------------
 .../kerberos/kerb/gss/impl/GssAcceptCred.java   | 26 +++++++++-----------
 .../kerberos/kerb/gss/impl/GssContext.java      |  7 +-----
 .../kerby/kerberos/kerb/gss/impl/GssUtil.java   | 12 +++++++++
 3 files changed, 25 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e23f0c9e/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
index d92af63..de198d8 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.java
@@ -20,6 +20,7 @@
 package org.apache.kerby.kerberos.kerb.gss.impl;
 
 
+import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSName;
 
@@ -62,7 +63,7 @@ public final class GssAcceptCred extends GssCredElement {
             if (keyTab != null) {
                 name = GssNameElement.getInstance(keyTab.getPrincipal().getName(),
                     GSSName.NT_HOSTBASED_SERVICE);
-            } else if (kerberosKeySet != null) {
+            } else {
                 name = GssNameElement.getInstance(
                     kerberosKeySet.iterator().next().getPrincipal().getName(),
                     GSSName.NT_HOSTBASED_SERVICE);
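Review bot: With the `kerberosKeySet != null` guard removed, this `else` branch dereferences `kerberosKeySet` unconditionally, so a credential built with neither a keytab nor a key set fails with a NullPointerException, and an empty set fails in `iterator().next()` with NoSuchElementException, rather than with a GSSException the caller can handle. The keytab path added in the last hunk of this file has the same shape: `keyTab.getKeys(princ)` runs whenever `kerberosKeySet` is null, without checking `keyTab`. Unless code outside these hunks guarantees that one of the two is always populated, keep the guard as `} else if (kerberosKeySet != null && !kerberosKeySet.isEmpty()) {` and report the missing credential explicitly in a final `else`. The enclosing method starts and ends outside the hunk.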
@@ -102,21 +103,18 @@ public final class GssAcceptCred extends GssCredElement {
         return this.keyTab;
     }
 
-    public KerberosKey[] getKeys() {
-        KerberosPrincipal princ = new KerberosPrincipal(name.getPrincipalName().getName(),
-            name.getPrincipalName().getNameType().getValue());
-        if (keyTab != null) {
-            return keyTab.getKeys(princ);
-        }
-
-        return null;
-    }
+    public EncryptionKey getEncryptionKey(int encryptType, int kvno) {
 
-    public KerberosKey[] getKerberosKeys() {
         if (kerberosKeySet != null) {
-            return kerberosKeySet.toArray(new KerberosKey[kerberosKeySet.size()]);
+            KerberosKey[] keys = kerberosKeySet.toArray(new KerberosKey[kerberosKeySet.size()]);
+            // We don't check the kvno here - see DIRKRB-638
+            return GssUtil.getEncryptionKey(keys, encryptType);
         }
-        return null;
-    }
 
+        // Otherwise get it from the keytab
+        KerberosPrincipal princ = new KerberosPrincipal(name.getPrincipalName().getName(),
+                                                        name.getPrincipalName().getNameType().getValue());
+        KerberosKey[] keys = keyTab.getKeys(princ);
+        return GssUtil.getEncryptionKey(keys, encryptType, kvno);
+    }
 }
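Review bot: The `kerberosKeySet` branch of `getEncryptionKey` returns the first key whose encryption type matches and never consults `kvno`, so if the set holds more than one version of the service key (for example after a key rotation) the key chosen depends on iteration order. A set with no matching key also now returns null without the keytab fallback that the old caller in GssContext had. Trying the exact match first would keep the DIRKRB-638 workaround while preferring the right version: `EncryptionKey key = GssUtil.getEncryptionKey(keys, encryptType, kvno);` followed by `return key != null ? key : GssUtil.getEncryptionKey(keys, encryptType);`. The new public method also has no Javadoc; a short one stating that it may return null and that `kvno` is only honoured on the keytab path would spare callers from reading the body.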

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e23f0c9e/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
index 52abfc3..1300836 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssContext.java
@@ -435,12 +435,7 @@ public class GssContext implements GSSContextSpi {
         int kvno = apReq.getTicket().getEncryptedEncPart().getKvno();
         int encryptType = apReq.getTicket().getEncryptedEncPart().getEType().getValue();
 
-        EncryptionKey serverKey = GssUtil.getEncryptionKey(acceptCred.getKerberosKeys(),
encryptType, kvno);
-
-        if (serverKey == null) {
-            // Otherwise get it from the keytab
-            serverKey = GssUtil.getEncryptionKey(acceptCred.getKeys(), encryptType, kvno);
-        }
+        EncryptionKey serverKey = acceptCred.getEncryptionKey(encryptType, kvno);
         if (serverKey == null) {
             throw new GSSException(GSSException.FAILURE, -1, "Server key not found");
         }
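Review bot: The `"Server key not found"` failure does not say which key was requested, which makes a key-rotation or encryption-type mismatch hard to tell apart from a missing credential when triaging acceptor failures. Both values are plain ints already in scope, so the message can carry them: `throw new GSSException(GSSException.FAILURE, -1, "Server key not found for etype " + encryptType + ", kvno " + kvno);`. They are read from the peer's AP-REQ before the ticket is decrypted, so treat them as unauthenticated diagnostic data only. The enclosing method starts and ends outside the hunk.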

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/e23f0c9e/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssUtil.java
----------------------------------------------------------------------
diff --git a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssUtil.java
b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssUtil.java
index 08e47df..099c79b 100644
--- a/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssUtil.java
+++ b/kerby-kerb/kerb-gssapi/src/main/java/org/apache/kerby/kerberos/kerb/gss/impl/GssUtil.java
@@ -348,6 +348,18 @@ public class GssUtil {
             return null;
         }
         for (KerberosKey krbKey : krbKeys) {
+            if (krbKey.getKeyType() == encType && krbKey.getVersionNumber() == kvno
&& !krbKey.isDestroyed()) {
+                return new EncryptionKey(krbKey.getKeyType(), krbKey.getEncoded());
+            }
+        }
+        return null;
+    }
+
+    public static EncryptionKey getEncryptionKey(KerberosKey[] krbKeys, int encType) {
+        if (krbKeys == null) {
+            return null;
+        }
+        for (KerberosKey krbKey : krbKeys) {
             if (krbKey.getKeyType() == encType && !krbKey.isDestroyed()) {
                 return new EncryptionKey(krbKey.getKeyType(), krbKey.getEncoded());
             }
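Review bot: In the condition added to the first loop, `!krbKey.isDestroyed()` is evaluated last, after `krbKey.getKeyType()`. In the JDK's KerberosKey, `getKeyType()` throws IllegalStateException once the key has been destroyed, so the guard likely never gets the chance to skip a destroyed key and the lookup aborts instead. Testing it first makes the check effective: `if (!krbKey.isDestroyed() && krbKey.getKeyType() == encType && krbKey.getVersionNumber() == kvno) {`. The context line in the new two-argument overload has the same ordering. The first loop's method signature is above the hunk and the second overload's body continues below it.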

